Before leaving...
Discover our Exclusive Offer!
Privacy policy
Information on the processing of Personal Data
This information relates to the processing of data carried out by La Quintessenza S.R.L.S., with registered office in Via Ottaviano Augusto 59, 80070 Bacoli (NA) Italy, VAT number 08469391216, email hello@esteticaquintessenza.com (hereinafter the "Data Controller") , also in compliance with EU Regulation 2016/679 (hereinafter "GDPR").
In fact, the Data Controller may process personal data relating to customers and suppliers, agents, consultants, whether they are interested parties and/or contractors, as defined by current legislation on personal data.
DEFINITIONS
"Personal Data": means any information relating to an identified or identifiable natural person ("Data Subject"). An identifiable natural person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social. Pseudonymised personal data, which could be attributed to a natural person through the use of additional information, should be considered Personal Data.
«Data Processor»: means the natural or legal person who processes Personal Data on behalf of the Data Controller.
«Data Controller»: means the natural or legal person who, individually or together with others, determines the purposes and means of the processing of Personal Data.
"Processing": means any operation or set of operations, performed with or without the aid of automated processes and applied to Personal Data or sets of Personal Data, such as the collection, registration, organization, structuring, conservation , adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
Identity and contact details of the data controller
The data controller is La Quintessence S.R.L.S.
Since the Data Controller is established in Italy, no representative has been appointed.
Purpose of the processing and legal basis of the processing
Personal data will be processed for the following purposes:
- for contractual purposes and, in particular, to allow the purchase of services and products through the Owner's E-commerce. In this case, the need to proceed with the processing for the purpose of executing the contract constitutes a legal basis. The communication of personal data constitutes an obligation for the interested parties; in case of failure to communicate such data, however, it will not be possible to conclude any contract;
- to send direct marketing communications, newsletters, advertising material, by means of traditional contact systems and automated IT systems, including commercial or promotional communications by email or SMS, or for market research and analysis. In this case, the consent, expressed in accordance with this information, constitutes a legal basis;
- for activity of determining habits and preferences through profiling treatments. In this case, the consent of the interested party, expressed in accordance with this information, constitutes a legal basis. In relation to the personal data processed, the communication of personal data is not a contractual obligation. The interested party has the right to provide personal data; in case of failure to communicate such data, however, it will not be possible to carry out any profiling activity;
- for purposes related to related legal obligations, in this case, the legal obligation of the Data Controller to process such personal data in compliance with the applicable national legislation constitutes a legal basis.
Method of expressing consent
Consent, where required, may be expressed by signing a computerized document, also through specific flagboxes.
Method of treatment and logic
- In relation to the personal data processed for the purposes referred to in point a) number 2 of this information (contractual and pre-contractual purposes) the processing will take place through automated logics and the use of CRM-type management software that will allow you to better manage the fulfillment contractual obligations;
- In relation to the personal data processed for the purposes referred to in point b) number 2 of this information (marketing purposes), the processing will be carried out using software for sending commercial information.
- In relation to the personal data processed for the purposes referred to in point c) number 2 (profiling), the processing will take place through CRMs that allow you to define tastes and preferences in order to offer personalized services and communications. For further details, see the next point.
- In relation to the personal data processed and stored for the purposes referred to in point d), number 2 (law purposes), the processing will take place using paper tools, automated logics and the use of CRM-type management software that will allow you to better manage the fulfillment of contractual obligations.
Automated decision making and profiling
In the event that the interested party gives his consent to the processing of personal data for the purpose of using personalized services through profiling, the same may be subject to an automated decision-making process, using a specific algorithm that will decide which communications are more suitable for his profile or which ones might be of more interest. The treatment carried out in this way has, as foreseen consequences, by way of example, the sending of highly profiled commercial communications, the sending of discounts, the sending of invitations to events deemed of interest, etc.
In any case, the interested party has the right to obtain human intervention in the decision-making process by the Data Controller, to express his or her opinion, to obtain an explanation of the decision reached and to contest the decision itself, in accordance with art. . 22 GDPR.
Source from which the personal data originates
Only the data provided in compliance with this information will be processed. Personal data from sources accessible to the public will not be processed.
Recipients and any categories of recipients of personal data
The recipients of personal data may be:
- communications companies that carry out commercial communication activities and profiling activities on behalf of the Data Controller, if the relative consent has been expressed, which hold the position of data processors;
- companies offering information society services, including, in particular, those offering hosting services;
- companies that carry out statistical and market surveys, if the relative consent has been given;
- auditing companies;
- partner companies of the Data Controller;
Data categories
Personal data will be processed. Under no circumstances will particular data be processed pursuant to art. 9 of the GDPR.
Data transfer
The Data Controller intends to transfer personal data to a third country or to an international organization. These subjects could be represented, by way of example, by:
- communications companies that carry out communication activities on behalf of the Data Controller;
- communication society service provider;
- subsidiary and/or parent organizations.
The transfer of personal data to these subjects, if established in a third country or an international organization, is carried out in the presence of an adequacy decision by the European Commission, which has verified how the third country, the territory or one or more specific sectors within the third country, or the international organization in question ensure an adequate level of protection of rights. In any case, the Data Controller - if he deems it appropriate in any case - reserves the right to conclude specific separate agreements that oblige these subjects to adopt adequate security measures, including organizational ones, aimed at offering appropriate guarantees regarding the rights. The data may thus be transferred to the following countries: United States of America. To obtain a copy of such data or the place where they were made available, it is sufficient to send the relative request to the Data Controller, to the addresses in the epigraph.
Period of retention of personal data
- Personal data processed and stored for the purposes referred to in points a) and d), number 2 (contractual and pre-contractual purposes and fulfillment of legal obligations) are processed and stored in accordance with current legislation and, in any case, for a period of time not exceeding 10 years starting from the cessation of the effects of the contract in case of conclusion of the same, unless otherwise required by law;
- Personal data processed for the purposes referred to in point b) number 2 of this information (marketing purposes) are processed and stored until the relative cancellation and/or revocation is requested by the interested party
- Personal data processed for the purposes referred to in point c) number 2 (purpose of determining preferences) are processed and stored for a period of time not exceeding 12 months starting from collection.
Optional nature of consent and consequences of non-consent
- In relation to the personal data processed for the purposes referred to in point a) number 2 of this information (contractual and pre-contractual purposes), the communication of personal data constitutes an obligation; in case of failure to communicate such data, it will not be possible to conclude any contract.
- In relation to the personal data processed for the purposes referred to in point b) number 2 of this information (marketing purposes) the communication of personal data is not a contractual obligation. You are entitled to provide personal data; in case of failure to communicate such data, however, it will not be possible to carry out any marketing activity.
- In relation to the personal data processed for the purposes referred to in point c) number 2 of this information (purpose of determining preferences), the communication of personal data is not a contractual obligation. The interested party has the right to provide personal data; in case of failure to communicate such data, it will not be possible to carry out any profiling activity.
- In relation to the personal data processed for the purposes referred to in point d) number 2 of this information (legal obligations) the communication of personal data is a legal obligation.
Right to object
The interested party has the right to object in the following terms:
- the right to object at any time, for reasons related to his particular situation, to the processing of personal data concerning him pursuant to article 6, paragraph 1, letters e) or f) of the GDPR. The Data Controller refrains from further processing personal data unless he demonstrates the existence of binding legitimate reasons for proceeding with the processing which prevail over the interests, rights and freedoms of the interested party or for the assessment, exercise or defense of a right in court;
- if personal data are processed for direct marketing purposes, there is the right to object at any time to the processing of personal data concerning you carried out for these purposes, including profiling to the extent that it is connected to such direct marketing;
- in case of opposition to the processing for direct marketing purposes, the personal data are no longer processed for these purposes. It is specified that the interested party's right to object to the processing of their personal data for the aforementioned purposes may also be exercised only in part, i.e. by opposing, for example, only the sending of promotional communications via automated and/or digital tools, or the sending of paper communications;
- if personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to article 89, paragraph 1 of the GDPR, the interested party, for reasons connected with his particular situation, has the right to object to the processing of data personal data concerning you, except in the case in which the treatment is necessary for the execution of a task of public interest.
Other rights
The Data Controller also intends to inform you of the existence of the following rights:
- Right of access: the interested party has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning him or her is being processed and, in this case, to obtain access to personal data and specific information, in compliance with art. 15 of the GDPR;
- Right of rectification: the interested party has the right to obtain from the Data Controller the rectification of inaccurate personal data concerning him without unjustified delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration, in accordance with art. 16 of the GDPR;
- Right to data cancellation, including the right to withdraw consent: the interested party has the right to obtain from the Data Controller the cancellation of personal data concerning him without unjustified delay and the Data Controller has the obligation to cancel without unjustified delay the personal data, or to revoke your consent, if the reasons defined by art. 17 of the GDPR. As regards the right to withdraw, the interested party also has the right to withdraw the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation;
- Right to limitation of treatment: the interested party has the right to obtain from the Data Controller the limitation of treatment when the hypotheses defined by art. 18 of the GDPR;
- Right to data portability: the interested party has the right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to the Data Controller and has the right to transmit such data to another data controller without impediments by the Data Controller in the cases and under the conditions specified by art. 20 of the GDPR;
- The contractor's right to object to commercial communications: the contractor has the right to object at any time, free of charge, to the receipt of commercial communications.
Exercise of rights
Requests to exercise the rights indicated in this information, including, in particular, the right to cancellation and the right to revoke the consent given, must be addressed directly to the Data Controller at the email address hello@esteticaquintessenza.com. Alternatively, it is possible to exercise one's rights by sending the relative communication by registered letter with return receipt to the address Via Ottaviano Augusto 59, 80070 Bacoli (NA), Italy.
Accessibility of information
The information is accessible from the Owner. If expressly requested, the information can also be provided orally, provided that the identity of the applicant is proven, by means of a telephone request addressed to the addresses of the Data Controller.
Changes
The Data Controller may make changes to this privacy statement, also in order to implement changes in national and/or community legislation, to adapt to technological innovations or for other reasons. Any new versions of this privacy policy will be reported on the Site. The interested party is therefore invited to periodically check the privacy policy. In any case, any modification will be communicated to the interested parties (users) through pop-ups on the site or through different IT methods/tools. In the event that substantial changes are made to this privacy statement with a change in the purposes of processing and/or the categories of data processed, the Data Controller will inform the interested party, requesting the necessary consents for this purpose.
This information relates to the processing of data carried out by La Quintessenza S.R.L.S., with registered office in Via Ottaviano Augusto 59, 80070 Bacoli (NA) Italy, VAT number 08469391216, email hello@esteticaquintessenza.com (hereinafter the "Data Controller") , also in compliance with EU Regulation 2016/679 (hereinafter "GDPR").
In fact, the Data Controller may process personal data relating to customers and suppliers, agents, consultants, whether they are interested parties and/or contractors, as defined by current legislation on personal data.
DEFINITIONS
"Personal Data": means any information relating to an identified or identifiable natural person ("Data Subject"). An identifiable natural person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more characteristic elements of his physical identity, physiological, genetic, psychic, economic, cultural or social. Pseudonymised personal data, which could be attributed to a natural person through the use of additional information, should be considered Personal Data.
«Data Processor»: means the natural or legal person who processes Personal Data on behalf of the Data Controller.
«Data Controller»: means the natural or legal person who, individually or together with others, determines the purposes and means of the processing of Personal Data.
"Processing": means any operation or set of operations, performed with or without the aid of automated processes and applied to Personal Data or sets of Personal Data, such as the collection, registration, organization, structuring, conservation , adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
Identity and contact details of the data controller
The data controller is La Quintessence S.R.L.S.
Since the Data Controller is established in Italy, no representative has been appointed.
Purpose of the processing and legal basis of the processing
Personal data will be processed for the following purposes:
- for contractual purposes and, in particular, to allow the purchase of services and products through the Owner's E-commerce. In this case, the need to proceed with the processing for the purpose of executing the contract constitutes a legal basis. The communication of personal data constitutes an obligation for the interested parties; in case of failure to communicate such data, however, it will not be possible to conclude any contract;
- to send direct marketing communications, newsletters, advertising material, by means of traditional contact systems and automated IT systems, including commercial or promotional communications by email or SMS, or for market research and analysis. In this case, the consent, expressed in accordance with this information, constitutes a legal basis;
- for activity of determining habits and preferences through profiling treatments. In this case, the consent of the interested party, expressed in accordance with this information, constitutes a legal basis. In relation to the personal data processed, the communication of personal data is not a contractual obligation. The interested party has the right to provide personal data; in case of failure to communicate such data, however, it will not be possible to carry out any profiling activity;
- for purposes related to related legal obligations, in this case, the legal obligation of the Data Controller to process such personal data in compliance with the applicable national legislation constitutes a legal basis.
Method of expressing consent
Consent, where required, may be expressed by signing a computerized document, also through specific flagboxes.
Method of treatment and logic
- In relation to the personal data processed for the purposes referred to in point a) number 2 of this information (contractual and pre-contractual purposes) the processing will take place through automated logics and the use of CRM-type management software that will allow you to better manage the fulfillment contractual obligations;
- In relation to the personal data processed for the purposes referred to in point b) number 2 of this information (marketing purposes), the processing will be carried out using software for sending commercial information.
- In relation to the personal data processed for the purposes referred to in point c) number 2 (profiling), the processing will take place through CRMs that allow you to define tastes and preferences in order to offer personalized services and communications. For further details, see the next point.
- In relation to the personal data processed and stored for the purposes referred to in point d), number 2 (law purposes), the processing will take place using paper tools, automated logics and the use of CRM-type management software that will allow you to better manage the fulfillment of contractual obligations.
Automated decision making and profiling
In the event that the interested party gives his consent to the processing of personal data for the purpose of using personalized services through profiling, the same may be subject to an automated decision-making process, using a specific algorithm that will decide which communications are more suitable for his profile or which ones might be of more interest. The treatment carried out in this way has, as foreseen consequences, by way of example, the sending of highly profiled commercial communications, the sending of discounts, the sending of invitations to events deemed of interest, etc.
In any case, the interested party has the right to obtain human intervention in the decision-making process by the Data Controller, to express his or her opinion, to obtain an explanation of the decision reached and to contest the decision itself, in accordance with art. . 22 GDPR.
Source from which the personal data originates
Only the data provided in compliance with this information will be processed. Personal data from sources accessible to the public will not be processed.
Recipients and any categories of recipients of personal data
The recipients of personal data may be:
- communications companies that carry out commercial communication activities and profiling activities on behalf of the Data Controller, if the relative consent has been expressed, which hold the position of data processors;
- companies offering information society services, including, in particular, those offering hosting services;
- companies that carry out statistical and market surveys, if the relative consent has been given;
- auditing companies;
- partner companies of the Data Controller;
Data categories
Personal data will be processed. Under no circumstances will particular data be processed pursuant to art. 9 of the GDPR.
Data transfer
The Data Controller intends to transfer personal data to a third country or to an international organization. These subjects could be represented, by way of example, by:
- communications companies that carry out communication activities on behalf of the Data Controller;
- communication society service provider;
- subsidiary and/or parent organizations.
The transfer of personal data to these subjects, if established in a third country or an international organization, is carried out in the presence of an adequacy decision by the European Commission, which has verified how the third country, the territory or one or more specific sectors within the third country, or the international organization in question ensure an adequate level of protection of rights. In any case, the Data Controller - if he deems it appropriate in any case - reserves the right to conclude specific separate agreements that oblige these subjects to adopt adequate security measures, including organizational ones, aimed at offering appropriate guarantees regarding the rights. The data may thus be transferred to the following countries: United States of America. To obtain a copy of such data or the place where they were made available, it is sufficient to send the relative request to the Data Controller, to the addresses in the epigraph.
Period of retention of personal data
- Personal data processed and stored for the purposes referred to in points a) and d), number 2 (contractual and pre-contractual purposes and fulfillment of legal obligations) are processed and stored in accordance with current legislation and, in any case, for a period of time not exceeding 10 years starting from the cessation of the effects of the contract in case of conclusion of the same, unless otherwise required by law;
- Personal data processed for the purposes referred to in point b) number 2 of this information (marketing purposes) are processed and stored until the relative cancellation and/or revocation is requested by the interested party
- Personal data processed for the purposes referred to in point c) number 2 (purpose of determining preferences) are processed and stored for a period of time not exceeding 12 months starting from collection.
Optional nature of consent and consequences of non-consent
- In relation to the personal data processed for the purposes referred to in point a) number 2 of this information (contractual and pre-contractual purposes), the communication of personal data constitutes an obligation; in case of failure to communicate such data, it will not be possible to conclude any contract.
- In relation to the personal data processed for the purposes referred to in point b) number 2 of this information (marketing purposes) the communication of personal data is not a contractual obligation. You are entitled to provide personal data; in case of failure to communicate such data, however, it will not be possible to carry out any marketing activity.
- In relation to the personal data processed for the purposes referred to in point c) number 2 of this information (purpose of determining preferences), the communication of personal data is not a contractual obligation. The interested party has the right to provide personal data; in case of failure to communicate such data, it will not be possible to carry out any profiling activity.
- In relation to the personal data processed for the purposes referred to in point d) number 2 of this information (legal obligations) the communication of personal data is a legal obligation.
Right to object
The interested party has the right to object in the following terms:
- the right to object at any time, for reasons related to his particular situation, to the processing of personal data concerning him pursuant to article 6, paragraph 1, letters e) or f) of the GDPR. The Data Controller refrains from further processing personal data unless he demonstrates the existence of binding legitimate reasons for proceeding with the processing which prevail over the interests, rights and freedoms of the interested party or for the assessment, exercise or defense of a right in court;
- if personal data are processed for direct marketing purposes, there is the right to object at any time to the processing of personal data concerning you carried out for these purposes, including profiling to the extent that it is connected to such direct marketing;
- in case of opposition to the processing for direct marketing purposes, the personal data are no longer processed for these purposes. It is specified that the interested party's right to object to the processing of their personal data for the aforementioned purposes may also be exercised only in part, i.e. by opposing, for example, only the sending of promotional communications via automated and/or digital tools, or the sending of paper communications;
- if personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to article 89, paragraph 1 of the GDPR, the interested party, for reasons connected with his particular situation, has the right to object to the processing of data personal data concerning you, except in the case in which the treatment is necessary for the execution of a task of public interest.
Other rights
The Data Controller also intends to inform you of the existence of the following rights:
- Right of access: the interested party has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning him or her is being processed and, in this case, to obtain access to personal data and specific information, in compliance with art. 15 of the GDPR;
- Right of rectification: the interested party has the right to obtain from the Data Controller the rectification of inaccurate personal data concerning him without unjustified delay. Taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration, in accordance with art. 16 of the GDPR;
- Right to data cancellation, including the right to withdraw consent: the interested party has the right to obtain from the Data Controller the cancellation of personal data concerning him without unjustified delay and the Data Controller has the obligation to cancel without unjustified delay the personal data, or to revoke your consent, if the reasons defined by art. 17 of the GDPR. As regards the right to withdraw, the interested party also has the right to withdraw the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation;
- Right to limitation of treatment: the interested party has the right to obtain from the Data Controller the limitation of treatment when the hypotheses defined by art. 18 of the GDPR;
- Right to data portability: the interested party has the right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to the Data Controller and has the right to transmit such data to another data controller without impediments by the Data Controller in the cases and under the conditions specified by art. 20 of the GDPR;
- The contractor's right to object to commercial communications: the contractor has the right to object at any time, free of charge, to the receipt of commercial communications.
Exercise of rights
Requests to exercise the rights indicated in this information, including, in particular, the right to cancellation and the right to revoke the consent given, must be addressed directly to the Data Controller at the email address hello@esteticaquintessenza.com. Alternatively, it is possible to exercise one's rights by sending the relative communication by registered letter with return receipt to the address Via Ottaviano Augusto 59, 80070 Bacoli (NA), Italy.
Accessibility of information
The information is accessible from the Owner. If expressly requested, the information can also be provided orally, provided that the identity of the applicant is proven, by means of a telephone request addressed to the addresses of the Data Controller.
Changes
The Data Controller may make changes to this privacy statement, also in order to implement changes in national and/or community legislation, to adapt to technological innovations or for other reasons. Any new versions of this privacy policy will be reported on the Site. The interested party is therefore invited to periodically check the privacy policy. In any case, any modification will be communicated to the interested parties (users) through pop-ups on the site or through different IT methods/tools. In the event that substantial changes are made to this privacy statement with a change in the purposes of processing and/or the categories of data processed, the Data Controller will inform the interested party, requesting the necessary consents for this purpose.